Valley Proofs

Sunday, April 16, 2017

I completed today a purchase of one more piece of Silicon Valley history, the EIMAC 100TH Transmitting Triode Radio Vacuum Tube. For $22 I will receive a working triode, with the bright prospect of lighting its filaments again, perhaps not to transmit but at least to show its colors on the oscilloscope.

EIMAC operated in nearby San Bruno. This was not an accident, as the San Francisco Bay Area was an early center of ham radio, with about 10% of the operators in the United States in the early 30's. Incidentally, in a new sense San Bruno is still a ham radio hub today, except the radio has been replaced by the internet, and the communications device is YouTube, based in San Bruno.

There are some more interesting technical bits. The EITEL company was a spin-off from Heintz & Kaufman with the purpose of producing tubes that worked on lower voltages than those available to the amateur market at the time. In 1932 two radio amateurs, Jack McCullough (W6CHE) and Bill Eitel (W6UF), who at the time worked at Heintz and Kaufman, decided to build high power transmitters to work some of the 20 meter overseas stations being heard in California. They found to their dismay that the expensive transmitting tube they purchased refused to work at 1,000 volts, and that was all the high voltage their power supply would provide for them. This had the effect of reducing the price of building radio transmitters and very likely contributed to their affordability and expansion of use at the time, without undercutting the high end of the market. With the price of $24 in the thirties, this is equivalent to about $450 in 2017. Certainly a much more affordable unit for the ham radio population.

In late 1935 some tubes were sold to the U.S. Naval Research Laboratory for use in an experimental radar set that worked on 200 MHz. The 50T was the only tube that provided sufficient pulse power and that was able to stand up to the high plate voltage. More tubes were ordered by the military and in 1939 the first Navy sea radar tests used EIMAC tubes. The company later on moved its production from San Bruno to the nearby town of San Carlos.

Now why, industrial maternalism? It turns out that a union organizing drive in 1939-40 by the strong Bay Area labor movement was fought off by EIMAC by adopting a strategy of welfare capitalism which included pensions and other generous benefits, profit sharing, and such extras as a medical clinic and a cafeteria. This is not unlike Google and YouTube being the best place to work for years in a row. If you were working at Google or Apple today you may be thinking this is a new development, or perhaps just a more recent one tracing back to the ascent of the high tech computing industry. Well, you would be wrong; this mode of operation seems to have started much earlier, at least as we see with EIMAC in the mid 30's.

So what is this welfare capitalism? Wikipedia has the following entry: "Welfare capitalism is capitalism that includes social welfare policies. Welfare capitalism is also the practice of businesses providing welfare services to their employees. Welfare capitalism in this second sense, or industrial paternalism, was centered on industries that employed skilled labor and peaked in the mid-20th century."

Now when a symmetry-inclined physicist's brain looks at "industrial paternalism" the immediate reaction is -- Wait, what's up with "industrial maternalism"? A quick Google search finds exactly zero results for the term, leaving an ample opportunity for defining it. So with that I have sent my colleagues at Google a message:

"Is it not time for some "corporate maternalism"?! Not even a single hit on the term in Google search, the opportunity to define the term and make it a better cousin of paternalism. A caring version of welfare capitalism that works for us in the 21st century."

What we do: Films and plays are complex, creative endeavors, with hundreds of people working together on something that often changes daily. ProductionPro visually assembles all of a production's moving parts into one, dynamic platform – opening the door for a multitude of potential applications in the future.

Why we do it: The entertainment industry has been underserved by tech for decades. ProductionPro exists to help visual storytellers focus on doing what they do best – creating what the world watches.

Touching the code at almost every level, from AWS Elastic Beanstalk through data visualization algorithms on the iPad client

Tuning technical and organizational processes from experience and experimentation

Staying up to date with, contributing to, and applying the latest open source technologies

You Have:

Experience working independently and on a team, designing efficient algorithms that solve new and unexplored problems

A bachelor’s degree in computer science or math

A demonstrated knowledge of Python and REST APIs

An understanding of Django and Amazon Web Services is preferred

An ability to learn iOS, UIKit, XCode, and Objective-C

A demonstrated ability to balance long-term vision with short-term functionality

A background in algorithms and mathematics

An appreciation for film, theatre, and good storytelling

Bonus points if you have some technical contributions to show off (GitHub, App Store, or publications)

If you enjoy solving hard problems and want to enable the next generation of world-class entertainment creatives, please apply.

This is a New York-based position that offers a competitive salary and vested equity commensurate with experience, qualifications, and industry norms.

Principal Systems Engineer

Transform the way film, theatre and television are created. We’re looking for a principal engineer with 5-10+ years experience designing software systems and algorithms to join our small and mighty team.


Saturday, December 12, 2015

I was looking over a stack of old conference papers and found this review of the paper written by myself in collaboration with Lucijan Carić, which we presented in 1996 at the Virus Bulletin Conference in Brighton, UK.

"After a welcome coffee break, Joe Wells (IBM) presented a paper on the PC-virus ‘hot zones’, after which Lucijan Caric and Boris Debic provided a timely reminder of the implications of an Internet-enabled world: if malware is able to send data silently to remote sites, then the problems, unfortunately, are all too clear."

The presentation was immediately following Joe Wells'. This was quite a recognition at the time, as Joe is and was back then widely regarded as one of the foremost experts in understanding security threats in the wild.

The paper had a couple of highlights. It was the first to establish a new class of threats. A category where threats would take advantage of the Internet, not only as a propagation medium as was already shown by Morris' out of control experiment with the Internet Worm, but a category where the threat uses the Internet for propagation, command and control, and data exfiltration or corruption. Keep in mind that at the time of this conference most computer viruses used media such as floppy disks, or removable hard disks for their propagation. The Internet was still in its early commercial days, not many nodes were yet connected at the approximately 10,000 institutions connecting to it. The protocols in use were fairly simple and without many features which could be exploited. After all they were designed for a benign and mostly collaborative academic setting.

"Morris thought he would need to build a 'global database' of infected computers. However, he admitted, doing that could prove 'really hard.' By the time he released the worm two weeks later, he had only made small steps toward implementing these ideas. He never created a command-and-control system that would have allowed him to send instructions to infected machines."

The key part of the paper was a full description followed by a demo of an example exploit which used a command and control intermediary to take complete control of the target computer system. The publication of this threat received a great deal of attention from researchers in industry, notably IBM and McAfee, whose representatives took part in the conference. It was not until almost three years later that the first attack using this combination was reported. Two trends were of particular consequence in creating a fertile field for this type of attack. The first was the growing popularity of the Internet browser and consequently a rise in the number of computers serving HTTP and other protocols.

"In 1996, Netscape's share of the browser market reached 86% (with Internet Explorer edging up 10%); but then Microsoft began integrating its browser with its operating system and bundling deals with OEMs, and within two years the balance had reversed."

The number of computers and PCs connected to the Internet started a phase of rapid growth. Second, legislation was going through the U.S. Congress and Senate to place incentives for turning the Internet from an academic infrastructure into a commerce medium benefiting wider society.

"Four major versions of the Internet Tax Freedom Act currently are under consideration. The Senate version of this proposed legislation, S. 442, was approved in amended form by the Commerce, Science, and Transportation Committee on November 4, 1997. The House version, H.R. 1054, was approved in amended form by subcommittees of both the Commerce and Judiciary Committees on October 9, 1997. A new Senate version (S. 1888) called the "Internet Fairness and Interstate Responsibility Act"

July 8, 1997 was my first summer in Silicon Valley. I clearly remember when Internet traffic records were broken as NASA's website started serving images taken by Pathfinder on Mars. Many of these I have downloaded myself and they are still burned on CDs in my archive. Remember this was a time before Google and the ubiquity of information and it being available at any time provided a connection. This internet based broadcast generated 46 million hits in just a single day. The Internet reached a critical mass where it was now an important part of the way we consume and publish news (the word blog or web log was coined the same year), the way we communicate, and the way we start to transact business. It is the following year, in 1998, when the threat model described by us at the VB 1996 conference was reported. CNN reported:

"They created and released the program Back Orifice last year to the general public at the Las Vegas hacker and security conference DEF CON. The program allows its users to remotely control victims' desktops, potentially undetected. At this year's conference, on July 9, Sir Dystic says the cult will outdo itself and release Back Orifice 2000. The program, he says, is smaller, nimbler, and twice as nefarious."

Security experts had mixed feelings about making a security point by releasing the threat into the open. But they also warned against Microsoft's lack of priority when it comes to how they treat the security of their operating system. Something which will be a thorn in Microsoft's side for many years to come.

"Computer security experts question the Cult of the Dead Cow's intent. Releasing a hacking tool like Back Orifice 2000 in the name of safeguarding computer privacy is a bit like the American Medical Association infecting cattle with the deadly e. coli bacteria to inspire food companies to sell healthier meats."

Back Orifice and its successor Back Orifice 2k (shortened to BO and BO2k) are computer programs designed for remote system control. They enabled a user to control a computer running the Microsoft Windows operating systems of the time from a remote location. This included control of the input devices, surveillance of the target computer, firewall tunneling, hiding its presence from the unsuspecting user and other capabilities. The name was a play on the name of Microsoft's BackOffice Server software.

It is exactly this scenario that we predicted in our 1996 paper. From then on the phenomenon of Internet channel enabled threats, as we dubbed them then, only continued to grow and expand in reach. Currently such threats pose serious challenges not only for users and companies but to entire economies and states. Many non-state and state actors continue developing their capabilities in this area to engage in both defensive and offensive activities.

I should point the reader to Stuxnet, probably one of the best documented examples of this family of software from the desktop era developed jointly by the US and Israel. While we in our paper from the perspective of computer security experts described the system as a threat, it's needless to say that any such system can and will likely be used as a cyberweapon, where a cyberweapon is defined as a malware agent employed for military, paramilitary, or intelligence objectives.

What is the future?

With the increased pervasiveness of mobile computing come expanding ways in which mobile devices can exchange data. To mention a few: over cell connections, over internet connections, through low energy proximal connectivity, i.e. Bluetooth, but also sound waves or LED signaling. In addition, mobile devices travel around with us and collect data all day long. It can be data about ourselves (privacy) or data about the places we work at or visit (physical security) or the places at which we gather (event security and intelligence).

It should be fairly obvious that defense against this new expanded category of capabilities will be very hard without an approach that takes a different look at computer and software security in the future.

With this new wave of growth of complexity and interconnectedness I am reminded of a thought by Gene Spafford (pic. above) who visited us a few weeks back. Without considering the whole picture and threat risk it is impossible to defend effectively from a threat in a complex system with many communication pathways.

"Secure web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police."

Unfortunately in today's world we are still unable to completely secure our servers, the economic damages keep growing and new ones are popping up in competitiveness and intelligence. Myself, I am still on an identity theft alert program instituted at great cost by the company through which I had my health insurance plan. I still receive the post-theft status reports each month, as a grim reminder of the security reality. I am also reminded of my good friend, a long time government and NASA employee, who went to great lengths to avoid using social networks so that her personal and social network data would not end up in the wrong hands. We had a chat about a month ago and she reminded me of her efforts and how frustrating it was to learn about this bit of news:

"The Office of Personnel Management (OPM) said data stolen from its computer networks included Social Security numbers and other sensitive information on 21.5 million people who have undergone background checks for security clearances."

The Mobile World

We are doing a better job in many respects than decades ago, but there is still more to be done, and more paradigms to be shifted or broken. The mobile computing ecosystem is only adding to the already complex reality and it will be imperative in the coming years to understand fully its consequences on the security landscape. And while leaders are thinking in new, more adaptable ways about computer security today, it is still true, as it was back in 1996, that a new paradigm brings its own new qualities which have to be understood in order to properly build defenses - and it seems inevitable - offenses for its age. The major qualities brought by mobility in computing have already been mentioned, but a few which are novel and not seen in prior times are:

the ability to take massive amounts of data and computing power nimbly across locations and geographies,

and the ability to pop in and out of established or ad-hoc networks and meshes at any time.

These are probably the most interesting aspects of ubiquitous mobile computing that need to be researched from a security perspective, and they are being researched from other economic perspectives already. There are also significant differences in how different mobile leaders implement security paradigms on their platforms, depending on whether they have the advantage of full control of their hardware and software platform or they are building a platform relying on open source and not targeting specific hardware. Both approaches have their strengths and weaknesses.

Hopefully the time gap between mobile's economic significance and proper security will be shorter than in the previous paradigm shift - when the Internet profoundly changed computer security in the late 90's.

Thursday, May 9, 2013

Just in the past month @Google (4/13-5/13/2013). And that's a bit lower than usual as I took a one day vacation and was two days on an offsite and a week in NYC (note the flatter second week on the sent side). Information overload?

The good news is we have great internal systems that help us cope with information. So in actuality this doesn't feel much more different than my private Gmail account which sees only moderate usage (now that I have moved many of the conversations to G+).

Sunday, May 5, 2013

A combination of video and textual blogging? I completed setting up the Flektoprime Channel on YouTube while at the same time testing the integration with the new redesign of YouTube One Channel UI changes. This thus far worked extremely well. The visual appearance on different devices is consistent and the design is much better than before. Kudos on this one to the Kennedy team (the internal code name for Google's new generation UX).

I am going to create a new tag on this blog for video related material. I may sometimes expand on details in a blog post rather than in the video comments section. At least until the two converge a bit more.

Friday, May 3, 2013

I have this beautiful great sounding Kurzweil K2600X. Loaded with all the extra ROMs available; Orchestral, Contemporary, Triple strike piano, Vintage keyboards. It's a great instrument and it's been part of our family for a long time now.

Here's Filip at the time not quite 4 yet, composing on the imposing machine.

Well a couple of months ago I spotted on eBay a SCSI memory card interface which fits the Kurzweil. I bought it a couple of weeks ago and decided that today was a good day to perform the surgery. Out with the 1.44 Mb floppy and in with the CF reader and an 8 Gb CF card. The card is partitioned into 4 x 2 Gb partitions. Two of them are loaded with samples, programs and setups. Expanding even more the machine's already impressive sound producing capabilities.

Dr. Kurzweil recently joined Google, where he is working on transforming search. His latest book How to Create a Mind is a very insightful work. I recommend reading it if you have an interest in how some of the brain's parts work and how this may translate into intelligent machines. For a preview of what the book is about, watch this Authors@Google talk which we organized last year. It is a good introduction to the material in the book. So while Ray is building the new Googlecortex I had plenty of fun today turning inside out one of his older babies. A good day for surgery indeed.

And also I am pretty sure when machines become the new overlords the following plate may come in handy. I was friendly to them from the start ;-)

Friday, May 20, 2011

Ok, so everyone talks about how more kids need to take more science and engineering disciplines. Indeed I agree. It must have been the shift from science and engineering into legal careers that somehow caused the following shift.

Above is one example from the 50's, an atomic energy lab! Below, a chemistry set from the 40's.

Times have changed, today's sets are an OLPC laptop and Python, a bunch of 74xx logic and 555 timers, or perhaps a LEGO robotics set. But still, for a future scientist trying some hands on chemistry and nuclear science on their own is not such a bad idea. However, with all the litigation out there, it came to the chemistry set below. Perhaps it's time to add liability waivers to some of the toys - or better call them science education tools.

I'll prop Martin's site here, he's a former colleague and principal toy master at sci toys.